Currently, the OPENFLOW protocol is the most popular protocol in the SDN field. In the OPENFLOW protocol, the control function of a network device is separated from its forwarding function. All control functions are centralized on a remote controller (Controller), while an OPENFLOW switch (Switch) may be responsible only for simple operations such as high-speed data forwarding. While the OPENFLOW switch is running, its data forwarding is based on a flow table, and the controller may control the flow table on the OPENFLOW switch using an OPENFLOW protocol interface specified in advance, thereby achieving the objective of data forwarding control.
However, the OPENFLOW protocol currently still lacks authority control over each flow entry in the flow table. As a result, a flow entry may be arbitrarily modified, which reduces system security.
For example, in some scenarios, an OPENFLOW switch stores some important default flow entries. In a plug-and-play ad hoc network scenario, an OPENFLOW switch stores a default flow entry related to the ad hoc network, and if the OPENFLOW switch deletes that default flow entry according to a control instruction (which may also be referred to as a management instruction) delivered by a controller, the ad hoc network function of the OPENFLOW switch becomes invalid. As another example, in a scenario in which multiple controllers operate the same OPENFLOW switch, if the OPENFLOW switch modifies or deletes a flow entry related to controller A according to a control instruction delivered by controller B, controller A cannot continue to perform the corresponding control operation according to that flow entry, and the corresponding processing on controller A is affected.
Therefore, there is currently an urgent need for a method of performing authority control over a flow entry in the OPENFLOW protocol to solve the foregoing problems.
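
The two scenarios above can be replayed against a toy flow table, first with no per-entry authority check and then with one. This is an added example, not code from the original document and not part of the OPENFLOW protocol; the `owner` and `protected` attributes, the `FlowTable` class and the sample match strings are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed model: "owner" and "protected" are hypothetical, not OPENFLOW fields.
@dataclass
class FlowEntry:
    match: str
    actions: str
    owner: str               # installing controller, or "switch" for defaults
    protected: bool = False  # default entry that no controller may change

class FlowTable:
    def __init__(self, enforce_authority):
        self.enforce_authority = enforce_authority
        self.entries = {}    # match -> FlowEntry
        self.denied = []     # (controller, command, match) of rejected requests

    def install_default(self, match, actions):
        self.entries[match] = FlowEntry(match, actions, "switch", protected=True)

    def _authorized(self, controller, entry):
        if not self.enforce_authority:
            return True      # the gap described above: anyone may change anything
        return not entry.protected and entry.owner == controller

    def flow_mod(self, controller, command, match, actions=None):
        """Apply an ADD, MODIFY or DELETE request; return True if it was applied."""
        if command not in ("ADD", "MODIFY", "DELETE"):
            raise ValueError(f"unknown command: {command}")
        entry = self.entries.get(match)
        if entry is not None and not self._authorized(controller, entry):
            self.denied.append((controller, command, match))
            return False
        if command == "DELETE":
            return self.entries.pop(match, None) is not None
        if command == "MODIFY" and entry is None:
            return False     # nothing to modify
        owner = entry.owner if entry else controller
        self.entries[match] = FlowEntry(match, actions, owner)
        return True

def replay(enforce_authority):
    """Replay both scenarios from the text (constructed requests) on one table."""
    table = FlowTable(enforce_authority)
    table.install_default("adhoc-discovery", "to-controller")
    table.flow_mod("A", "ADD", "dst=10.0.0.5", "output:1")
    table.flow_mod("A", "MODIFY", "dst=10.0.0.5", "output:2")  # owner's own change
    table.flow_mod("B", "DELETE", "adhoc-discovery")           # default entry
    table.flow_mod("B", "MODIFY", "dst=10.0.0.5", "drop")      # controller A's entry
    return table
```

With `replay(False)` the default entry disappears and controller A's entry ends up rewritten by controller B; with `replay(True)` both requests from B are rejected and recorded in `denied`, which also gives an audit trail of cross-controller attempts.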